assigning a unique security group to each machine uses up security group quotas in HPCloud (openstack)
Bug #1027641 reported by
Dimitri John Ledkov
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-core |
Fix Released
|
High
|
Gustavo Niemeyer | ||
pyjuju |
Triaged
|
High
|
Unassigned |
Bug Description
There are quotas of security groups on the hpcloud.
It seems like juju is creating a security group per environment and per each machine.
I would have expected juju to reuse a single security group per service.
Cause right now.... single 100 node service.... maxes out security groups - which are all identical...
I understand that this will limit my ability to expose a single machine from a service, or reuse a single machines in overlapping services.
Changed in juju-core: | |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in juju-core: | |
milestone: | 1.9.4 → none |
Changed in juju: | |
milestone: | none → 0.8 |
Changed in juju: | |
status: | Confirmed → Triaged |
To post a comment you must log in.
I think this is a great idea.
There are issues with doing this though. Juju de-couples the machine creation from the purposing of the machine. One can remove a service from a machine, and add another to any machine right now.
Bug #833064 suggests doing the firewall inside the machine using iptables. I think that may be a more flexible approach.
Either way, the bug here is not a "should" but rather juju runs into HPCloud's security group quotas.